Crypto Wallets Targeted by Sophisticated Malware Campaign
12.04.2025 19:00 2 min. read Alexander Stefanov
Cybersecurity researchers are sounding the alarm after discovering a new and increasingly sophisticated attack targeting the crypto community.
This wave of cyberattacks uses a deceptive software supply chain to target popular Web3 wallets, including Atomic Wallet and Exodus, exploiting vulnerabilities in the npm package manager commonly used by JavaScript and Node.js developers.
The attack centers around a malicious package, pdf-to-office, which masquerades as a tool for converting PDF documents into Microsoft Office formats. However, once downloaded and executed, the package quietly inserts harmful code into the victim’s system, specifically altering locally installed versions of trusted crypto wallets like Atomic Wallet and Exodus.
This code then enables attackers to secretly intercept and reroute cryptocurrency transactions to wallets they control, all while the victim remains unaware.
What makes this attack particularly insidious is its subtlety. Rather than attacking open-source repositories directly, the attackers target existing, legitimate software installations by modifying them locally. This technique is harder to detect and more difficult to counter than traditional supply chain attacks that affect upstream code.
The malicious pdf-to-office package first appeared on npm in March 2025 and has been updated multiple times, with the latest version released in April. Using machine learning analysis, ReversingLabs researchers uncovered the malicious behavior, revealing that the package contained obfuscated JavaScript—an unmistakable sign of a malware campaign.
Even after users removed the malicious package, the damage persisted. The malicious patches remained in the Web3 wallet software, requiring victims to fully uninstall and reinstall their wallet applications to eliminate the trojan and restore security. This attack highlights the evolving nature of cyber threats in the crypto space, requiring heightened vigilance from both developers and users.
-
1
Former Celsius CEO Alex Mashinsky Set for Sentencing Next Month
24.04.2025 16:00 2 min. read -
2
DeFi Protocol Loopscale Hit by Exploit, Pauses Key Functions
27.04.2025 17:30 2 min. read -
3
Mango Markets Hacker Sentenced for Separate Criminal Charges
03.05.2025 11:00 1 min. read -
4
North Korean Agent Exposed in Crypto Job Scam at Kraken
04.05.2025 20:00 2 min. read -
5
ZachXBT Helps Freeze $7M After $330M Bitcoin Theft From Elderly Holder
05.05.2025 16:00 1 min. read
ZachXBT Helps Freeze $7M After $330M Bitcoin Theft From Elderly Holder
A decades-long Bitcoin holder has reportedly lost over $300 million in a devastating crypto theft — one of the largest in recent memory.
North Korean Agent Exposed in Crypto Job Scam at Kraken
In a cybersecurity twist that sounds more like espionage fiction than reality, Kraken recently intercepted an attempted infiltration by a North Korean hacker—disguised as a job seeker.
$330M Bitcoin Heist Traced to Social Engineering Scam Targeting U.S. Senior
A massive crypto theft has rocked the community, with a staggering $330 million in Bitcoin stolen in a sophisticated scam now believed to be the result of social engineering.
Mango Markets Hacker Sentenced for Separate Criminal Charges
Avraham Eisenberg, known for orchestrating the 2022 Mango Markets exploit, has been handed a 52-month prison sentence—but not for his crypto-related activities.
-
1
Former Celsius CEO Alex Mashinsky Set for Sentencing Next Month
24.04.2025 16:00 2 min. read -
2
DeFi Protocol Loopscale Hit by Exploit, Pauses Key Functions
27.04.2025 17:30 2 min. read -
3
Mango Markets Hacker Sentenced for Separate Criminal Charges
03.05.2025 11:00 1 min. read -
4
North Korean Agent Exposed in Crypto Job Scam at Kraken
04.05.2025 20:00 2 min. read -
5
ZachXBT Helps Freeze $7M After $330M Bitcoin Theft From Elderly Holder
05.05.2025 16:00 1 min. read